A ‘critical’ severity flaw has been detected in FortiOS and FortiProxy, identified as CVE-2023-33308 (CVSS rating 9.8). A remote attacker can use the vulnerability to execute arbitrary code on susceptible Fortinet devices.
“A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection,” reads the advisory published by Fortinet.
A stack-based overflow occurs when a program writes more data to a buffer on the stack (a memory region) than the buffer was allotted, so the excess data spills into neighboring memory regions. This is a security issue.
By providing specially crafted input that exceeds the buffer’s limit, an attacker might take advantage of these defects to overwrite critical memory parameters related to functions and execute malicious code.
Researchers from the security firm watchTowr uncovered the flaw.
Impacted FortiOS Versions
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.9
Versions Not Affected
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
FortiProxy 2.x all versions
FortiProxy 1.x all versions
Fixes Available
FortiOS version 7.2.4 or above
FortiOS version 7.0.11 or above
FortiProxy version 7.2.3 or above
FortiProxy version 7.0.10 or above
The advisory also recommends, as a workaround, disabling HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies in proxy mode.
Fortinet has shared an example of a custom-deep-inspection profile that disables HTTP/2 support:
In addition, fixes were published on Tuesday for a medium-severity FortiOS vulnerability that might allow an attacker to reuse a deleted user’s session.
The weakness, identified as CVE-2023-28001, occurs because an “existing WebSocket connection persists after deleting API admin.”
To prevent exploitation of CVE-2023-33308, the cybersecurity firm recommends removing HTTP/2 support on SSL inspection profiles.
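A triage sketch for the guidance above, as an added example that is not from Fortinet or the original article: it classifies a version against the ranges listed on this page and flags SSL inspection profiles in a config backup that still allow HTTP/2. The `set supported-alpn http1-1` line is an assumption drawn from the FortiOS CLI, since the page does not show the profile. The function names and the sample config are constructed for illustration.

```python
import re

# Affected ranges as listed in this article: (product, major, minor) -> (first, last) patch.
AFFECTED = {("FortiOS", 7, 2): (0, 3), ("FortiOS", 7, 0): (0, 10),
            ("FortiProxy", 7, 2): (0, 2), ("FortiProxy", 7, 0): (0, 9)}

def classify(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for a version like '7.0.10'."""
    major, minor, patch = (int(p) for p in version.split("."))
    rng = AFFECTED.get((product, major, minor))
    if rng is None:
        return "not-listed"   # branch not in the affected list (e.g. FortiOS 6.4)
    return "affected" if rng[0] <= patch <= rng[1] else "fixed"

def profiles_allowing_http2(config_text):
    """Names of ssl-ssh-profile entries lacking 'set supported-alpn http1-1' (assumed setting)."""
    flagged, depth, in_section, name, restricted = [], 0, False, None, False
    for line in (l.strip() for l in config_text.splitlines()):
        if line.startswith("config "):
            depth += 1                      # nested blocks (e.g. 'config https') raise depth
            if depth == 1:
                in_section = line == "config firewall ssl-ssh-profile"
        elif line == "end":
            depth -= 1
        elif in_section and depth == 1:     # only profile-level lines, not nested ones
            m = re.fullmatch(r'edit "?([^"]+)"?', line)
            if m:
                name, restricted = m.group(1), False
            elif line == "set supported-alpn http1-1":
                restricted = True
            elif line == "next" and name is not None:
                if not restricted:          # any other value or no setting is flagged
                    flagged.append(name)
                name = None
    return flagged

# Constructed sample backup: one profile restricted to HTTP/1.1, one left at defaults.
SAMPLE = '''config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
        config https
            set ports 443
        end
    next
    edit "branch-inspection"
    next
end'''
```
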
The post Fortinet Critical Flaw: Let a Remote Attacker Execute Arbitrary Code appeared first on Cyber Security News.